DETAILED ACTION

• Applicant's submission for RCE filed on 06/23/2009 has been entered. 
Applicant has amended claims 1, 21 and 34 and canceled claims 35-36. 
Currently claims 1, 2, 9, 21, 27-30, 34, and 37-45 are pending in this 
application. 



Priority 

1. This application is filed as a continuation in part (CIP) of application
10/113875. In order for claims in the CIP application (that is, a continuation-in-part of
an earlier U.S. application) to receive the effective filing date of the parent
application, claims in the new application must be supported by the specification
and claims of the parent application. Examiner, in order to establish the effective
filing date for claims in this application, reviewed parent application 10/113875
and was not able to find full support for both independent claims 1 and 21 of this
application in the parent application. For example, claims 1 and 21 both require,
with other limitations, "wherein when the verification service causes the web
page object to have at least one of the first and second contents, the web page
object appears invisible to the visitor after it is rendered by the visitor's browser".
Examiner was unable to find support for all these limitations in the parent
application (10/113875). As a result, examiner asserts that all the independent
claims receive the effective filing date of 09/29/2003, which is the filing date of this
application. Since the independent claims aren't fully supported by the parent
application, dependent claims which incorporate all the limitations of independent
claims also are not fully supported by the parent application. As a result, all the
dependent claims also receive the effective filing date of 09/29/2003.

Response to Arguments 

2. Applicant's arguments filed 6/23/2009 regarding 35 U.S.C. 112 first
paragraph rejection of claim 42 have been fully considered but they are not 
persuasive for following reasons: 

• Applicant argues that, "Applicant respectfully disagrees and 
respectfully directs the Examiner's attention to Page 15, lines 7-10, 
which discloses that "the scanning engine is invoked for each device 
the customer service 102 has registered in the customer information 
database 304 according the schedule requested for that device" and 
that "[i]n one example, customers are offered five possible queue times 
to schedule scans of their service 102"' (emphasis added). Of course,
the above citations are merely examples of the above claim language 
and should not be construed as limiting in any manner." 

• Examiner respectfully disagrees, Page 15, lines 7-10 discloses
customers are offered five possible queue times to schedule scans of 
their service 102'. The term customer is used for the online service 
provider throughout the specification and the term visitor is used for the 
users of the online services (see, Fig. 2 and also Page 8, lines 16-18). 
The current claim 42 recites, "wherein the schedule is requested by 
the visitor ". The customers and not the visitors are provided with the 
option of scheduling the scan. Therefore, the 35 U.S.C. 112 first
rejection is maintained.

3. Applicant's arguments filed 6/23/2009 have been fully considered but they
are not persuasive for the following reasons: 

• Applicant further argues that, "Applicant respectfully emphasizes that 
the excerpts from Blyth relied on by the Examiner simply disclose 
parsing an XML document, and do not even mention an account 
number of a provider of the online service , let alone specifically teach 
that "the scanning engine parses the set of XML files and stores 
records of the parsed set of XML files in the database in association 
with an account number of a provider of the online service " (emphasis 
added), as applicant claims". 

• Examiner respectfully disagrees and would like to point out that Fig. 1 
clearly discloses the scanning engine parsing the set of XML files and 
storing records of the parsed set of XML files in the database. 
Furthermore, the argument regarding records are not stored in 
database in association with an account number of a provider of the 
online service is also not found persuasive because Fig. 6 clearly 
discloses the result of the scan includes the URL and an IP address of 
a provider of the online service both of which can be interpreted as an 
account number. Both the URL and an IP address are registered in 
DNS and are used to identify the online service provider therefore both 
the URL and IP address can be interpreted as an account number of a
provider of the online service. 

4. Other arguments with respect to claims 1 and 21 have been considered 
but are moot in view of the new ground(s) of rejection. 

Claim Rejections - 35 USC § 101 

35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or 
composition of matter, or any new and useful improvement thereof, may obtain a patent 
therefor, subject to the conditions and requirements of this title. 

5. Claims 1, 2, 9, 34, and 37-45 are rejected under 35 U.S.C. 101 because 
the claimed invention is directed to non-statutory subject matter. 

Claim 1 recites, "An apparatus for providing a security status of an on-line
service, comprising: a web page object ; a verification service ". The
claimed apparatus is directed to software per se, which does not show the physical
transformation. Therefore, the claimed "apparatus" would amount to computer
programs, a type of functional descriptive material, per se. As such, the claimed
system/apparatus must include the hardware necessary to realize any of the
functionality of the claimed modules and produce a useful, concrete and tangible
result. Absent recitation of such hardware as part of the claimed apparatus, it is
considered non-statutory.

Claims 2, 9, 34 and 37-45 depend on claim 1; therefore they are rejected with the
same rationale applied against claim 1 above.

Claim Rejections - 35 USC §112 

6. The following is a quotation of the first paragraph of 35 U.S.C. 112: 

The specification shall contain a written description of the invention, and of the manner and 
process of making and using it, in such full, clear, concise, and exact terms as to enable any 
person skilled in the art to which it pertains, or with which it is most nearly connected, to make 
and use the same and shall set forth the best mode contemplated by the inventor of carrying 
out his invention. 

Claim 42 is rejected under 35 U.S.C. 112, first paragraph, as failing to 
comply with the written description requirement. The claim(s) contains subject 
matter which was not described in the specification in such a way as to 
reasonably convey to one skilled in the relevant art that the inventor(s), at the 
time the application was filed, had possession of the claimed invention. Claim 42 
recites the following limitation: "wherein the schedule is requested by the visitor".
Note that Page 15, lines 7-10 discloses customers are offered five possible 
queue times to schedule scans of their service 102'. The term customer is used 
for the online service provider throughout the specification and the term visitor is 
used for the users of the online services (see, Fig. 2 and also Page 8, lines 16- 
18). The current claim 42 recites, "wherein the schedule is requested by the 
visitor ". The customers and not the visitors are provided with the option of 
scheduling the scan. Correction/Clarification is required. 

Claim Rejections - 35 USC § 103

7. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for 
all obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described 
as set forth in section 102 of this title, if the differences between the subject matter sought to 
be patented and the prior art are such that the subject matter as a whole would have been 
obvious at the time the invention was made to a person having ordinary skill in the art to which 
said subject matter pertains. Patentability shall not be negatived by the manner in which the 
invention was made. 

Claims 1, 2, 9, 21, 27-30, 37-39, and 41-45 are rejected under 35
U.S.C. 103(a) as being unpatentable over Khaishgi et al. (US 6,658,394 B1),
hereinafter "Khaishgi" in view of Guirguis (Guirguis, Ragi; "Network- and Host-
Based Vulnerability Assessments: An Introduction to a Cost Effective and Easy
to Use Strategy"; GIAC Security Essentials (GSEC) Practical, Version 1.4b,
Publication Data: June 14, 2003), hereinafter "Guirguis" and further in view of
Tiso (Tiso, John; "Automated Security Scanning"; Sys Admin, Volume 9, Issue
10, Pages 73-78, Publication: October 2000), hereinafter "Tiso" and Bunker, V et
al. (US 2003/0028803), hereinafter "Bunker" and further in view of Blyth (Blyth,
Andrew; "An XML-based architecture to perform data integration and data
unification in vulnerability assessments"; Information Security Technical Report,
Volume 8, Issue 4, April 2003, Pages 14-25), hereinafter "Blyth".

Regarding Claims 1 and 21 Khaishgi discloses an apparatus and 
corresponding method for providing a security status of an on-line service, 
comprising: 

a web page object (Column 1, lines 26-28, "electronic seals") that is 
automatically rendered by a browser when a visitor uses the browser (Fig. 5, 
Numerals 52, 54, 56, and 58, and at Column 2, lines 34-44, "browser") to access
one or more web pages of the on-line service (Fig. 1, Numeral 4, "Merchant") via
a public network (Fig. 1, Numeral 12, "Network"); and 

a verification service (Fig. 2, Numeral 8, "Certification Service") that hosts 
the web page object (Fig. 2, Numeral 22, "Seal Servers") separately from the one 
or more web pages of the on-line service (Fig. 2, Numeral 4, Merchant's 
server(s) numeral 4 are separate from the "Seal servers 22" of "Certification 
Service", also refer to Column 3, lines 14-25), and further controls contents of the 
web page object (Column 3, lines 26-42), 

wherein the visitor is not required to take any action other than requesting
access to the on-line service via the browser to receive the security status
through the automatic rendering of the web page object by the visitor's browser
(Column 2, lines 66-67 and Column 3, lines 1-2, "Merchants 4 post their
corresponding electronic seals on their web sites or in electronic mail messages
(emails) in order to increase the confidence of potential customers", Note: Since
the web page of the merchant contains the link of the seal, the seal is generated and
displayed on the web page when the client generates a request for a web page from
a merchant; the client will only need to take further action (i.e. click on the seal) if
the client wants "more information" about the seal and merchant, refer to Column
3, lines 14-25), and

wherein the verification service causes the contents of the web page 
object to be changed in accordance with its prior determination of a level of the 
security status (Column 4, lines 60-67 and Column 5, lines 1-7, "When user 6 
accesses a merchant 4, client device 10 is directed to retrieve a seal from seal
servers 22. More specifically, seal servers 22 receive a request from computing
device 10 that includes a unique identifier for one of the merchants and,
therefore, uniquely identifies one of the media objects within seal repository 25 
(step 52). Seal servers 22 log the request by storing the IP address within 
request log 24 (step 54) and select the appropriate media object according to the 
unique identifier (step 56). "), such that when the verification service determines, 
in a first verification operation prior to the visitor's access request, that the on-line 
service has a first level of the security status, it causes the web page object to 
have first contents (Column 4, lines 60-67 and Column 5, lines 1-7, Seal server 
provide the electronic seal corresponding to the merchant to the client), and 
when the verification service determines, in a second verification operation prior 
to the visitor's access request, that the on-line service has a different second 
level of the security status (Column 4, lines 49-52, "Next, seal maintenance 
modules 27 periodically regenerate the media objects in order to update the 
embedded information including the expiration date (Step 48).") , it causes the 
web page object to have different security status levels via the browser's 
automatic rendering of the prior-determined and changed web page object 
contents when the visitor requests access to the on-line service (Column 4, lines 
52-54, "For example, a new set of media object can be generated daily in order 
to facilitate detection of expired seals"), and 

wherein the first and second verification operations to determine the on- 
line service's security status and control the contents of the web page object are 
performed by the verification service prior to and completely independently from
the visitor's request to access the on-line service, and independently from any 
action by the visitor and visitor's browser (Column 4, lines 28-57, Note: Both the 
seal generation and maintenance are done by certification service and these 
steps are done completely independently from the visitor's request to access the 
on-line service, i.e. visitor's request to access the on-line service does not trigger 
initial seal request operation from merchant (fig. 3) or the maintenance which can 
be done daily) , and 

wherein when the verification service causes the web page object to have 
at least one of the first and second contents, the web page object appears 
invisible to the visitor after it is rendered by the visitor's browser (Column 4, lines 
54-57, "In one configuration, seal issuer 8 generated a media object having a 
transparent image when the corresponding merchant 4 loses its certification 
status, In this manner, the seal "disappears" from the merchant web site"). 
Khaishgi discloses changing the seal in response to detecting expiration of the 
seal (Column 4, lines 54-57). Khaishgi does not explicitly disclose: 

wherein the levels of the security status displayed for the visitor via the 
automatic rendering of the web page object indicate how vulnerable devices and 
services of the on-line service are to hackers and other online security threats as 
determined by the first and second verification operations; wherein at least one of 
the first and second verification operations includes scanning the on-line service 
from a remote address on the network and wherein the scanning produces a set 
of XML files including information about open ports, available service, network 
protocols, security exposures and vulnerabilities associated with a device
providing the on-line service and wherein a scan header record associated with 
the scanning is stored in a database. 

Guirguis discloses a system (nessus engine) which detects how 
vulnerable devices and services of the on-line service are to hackers and other 
online security threats as determined by a verification operation (see, Page 2, 
2nd Paragraph, "Vulnerability assessments identify and suggest fixes for possible 
vulnerabilities that attackers might exploit in operating systems or in mail, HTTP, 
and FTP servers.") and wherein at least one of the first and second verification 
operations includes scanning the on-line service from a remote address on the 
network (See Page 5, Section 3.1.3) and wherein the scanning produces a set of
XML files including information about open ports, available service, security
exposures and vulnerabilities, the information associated with a device providing
the on-line service (see, Page 2, 2nd paragraph and Page 6, Section 3.1.4)
wherein a scan header record associated with the scanning is stored in a 
database (see, Page 6, 2nd Paragraph).

Therefore, it would have been obvious at the time the invention was made 
to one of ordinary skill in the art to scan the online services of Khaishgi from a 
remote location for vulnerabilities as taught by Guirguis because "performing VAs 
on company systems provide three key pieces of information necessary for 
improving their security: 1) it is easier to locate which systems are vulnerable, 2) 
it identifies what services/components are vulnerable, and 3) it suggests the best 
method for repairing the vulnerabilities (i.e. - it recommends which patch or 
software version should be used/applied). Performing this procedure on a regular
basis allows IT professionals to find and repair possible security vulnerabilities
before attackers find and exploit them." (See, page 2, 2nd paragraph).

The combination of Khaishgi and Guirguis further discloses the scan 
header record including a number of vulnerabilities classified by severity level 
(see, Guirguis, Page 6, 1st paragraph) and the combination further discloses 
wherein the scanning is performed using a scanning engine of the verification 
service (see, Guirguis, Page 5, section 3.1.2). 

The combination of Khaishgi and Guirguis does not explicitly disclose the 
scan header record including a date, launch time, and duration. 

However, Tiso discloses generating a scan report including date, launch 
time and duration (see, Page 74, Table 1). 

Therefore, it would have been obvious at the time the invention was made 
to one of ordinary skill in the art to add, in the scan report of the combination of 
Khaishgi and Guirguis, date, launch time and duration of the scan as taught by
Tiso so that a reviewer of the report can simply look at the summary to get some
overview of the scan results.

The combination of Khaishgi, Guirguis and Tiso does not disclose wherein 
at least one of the first and second verification operations include determining the 
security status by comparing a fingerprint of a new vulnerability to a stored list of 
the devices and services and without performing an actual scan or test of the 
devices and services. 

However, Bunker discloses determining the security status by comparing
a fingerprint of a new vulnerability to a stored list of the devices and services and 
without performing an actual scan or test of the devices and services (paragraph 
0019 line 11-14, "The configuration of the new vulnerability may be compared to 
the customer's system network configuration in the last test for the customer. ") 

Therefore, it would have been obvious at the time the invention was made
to one of ordinary skill in the art to further modify the virus scanner of the combined
system of Khaishgi, Guirguis and Tiso to send an alert based on information in the
stored profile and newly received vulnerability information without requiring a new
scan, as taught by Bunker, so "only customers affected by the new security
vulnerabilities may receive the alert" (paragraph 0020 lines 1-2); also, this kind of
configuration provides real-time security alerts that warn operators to perform
appropriate action when a newly received security vulnerability can potentially
harm their system.

The combination of Khaishgi, Guirguis, Tiso and Bunker discloses XML 
file information about open ports, available service, security exposures and 
vulnerabilities, the information associated with a device providing the on-line 
service but does not explicitly disclose XML file including information about a 
network protocol, the information associated with a device providing the on-line 
service and wherein the scanning engine parses the set of XML files and stores 
records of the parsed set of XML files in the database in association with an 
account number of a provider of the online service and wherein the database 



Application/Control Number: 10/674,878 Page 
Art Unit: 2435 

stores the information about generic services expected to be running on the open 
ports. 

However, Blyth discloses XML file including information about a network 
protocol, the information associated with a device providing the on-line service 
(see, Fig. 7, "servicename = SSH" "servicename = "smtp") and wherein scanning 
engine parses the set of XML files and stores records of the parsed set of XML 
files in the database in association with an account number of a provider of the 
online service (see, Page 16, 1st paragraph, Fig. 1 and also Fig. 6). 

Therefore, it would have been obvious at the time the invention was made 
to one of ordinary skill in the art to parse, the set of XML files produced by the 
combination of Khaishgi, Guirguis, Tiso and Bunker, in the database as taught by 
Blyth so that "large quantities of security-related information can be captured 
within a single database schema" (see, Blyth, Abstract). 

The combination of Khaishgi, Guirguis, Tiso, Bunker and Blyth further
discloses wherein the database stores the information about generic services
expected to be running on the open ports (see, Blyth, Page 17, 1st paragraph, "the
name of the service that is normally associated with that port number").

Regarding Claims 2 and 27, rejections of claims 1 and 21 are
incorporated and the combination of Khaishgi, Guirguis, Tiso, Bunker and Blyth further
discloses wherein the on-line service comprises devices and services (Fig. 1,
Numeral 4, representing web-servers of Merchant 4) and verification service
determines the security status level of the on-line service (Column 2, lines 44-46,
"Seal issuer 8 verifies the credentials, policies or business practices of each
Merchant 4 and issues a corresponding seal of certification to each merchant 4
upon verification.") by evaluating vulnerability scan of the devices and services
comprising the on-line service (see Guirguis, Page 6, Section 3.1.4)

Regarding Claims 9 and 28, rejections of claims 2 and 27 are
incorporated and the combination of Khaishgi, Guirguis, Tiso, Bunker and Blyth
further discloses verification service periodically receives result of a new
vulnerability scan of the devices and services comprising the on-line service and
causes the contents of the web page object to be changed if a changed security
status level is determined, thereby automatically providing the visitor with an
updated security status (see Guirguis, Page 5, Section 3.1.3, and Khaishgi,
Column 4, lines 49-57)

Regarding Claim 29, the rejection of claim 21 is incorporated and the 
combination of Khaishgi, Guirguis, Tiso, Bunker and Blyth further discloses the
web page object comprises an image and an associated URL (Column 3, lines
28-31, "Each media object contains media, such as image data, video data, and
audio data, that merchant 4 presents as an electronic seal of certification." and 
also at Column 3, lines 58-67, URL for the seal). 

Regarding Claim 30, the rejection of claim 21 is incorporated and the 
combination of Khaishgi, Guirguis, Tiso, Bunker and Blyth further discloses the
web page object comprises a graphical file whose contents are periodically
updated in accordance with a periodically determined security status level
(Column 3, lines 28-31, "Each media object contains media, such as image data,
video data, and audio data, that merchant 4 presents as an electronic seal of
certification." and at Column 4, lines 49-57, "Next, seal maintenance modules 27
periodically regenerate the media objects in order to update the embedded 
information including the expiration date (step 48). For example, a new set of 
media objects can be generated daily in order to facilitate detection of expired 
seals.") 

Regarding Claim 37, the rejection of claim 36 is incorporated and the 
combination of Khaishgi, Guirguis, Tiso, Bunker and Blyth further discloses the 
records include a detail record for each positive test result associated with the 
scanning (see, Blyth, Fig. 11). 

Regarding Claim 38, the rejection of claim 1 is incorporated and the 
combination of Khaishgi, Guirguis, Tiso, Bunker and Blyth further discloses 
wherein the visitor is allowed to log in and review interactive reports associated 
with the scanning (see, Khaishgi Fig. 6 for user requesting the merchant 
information combined with Guirguis, Page 6, Section 3.1.4). 

Regarding Claim 39, the rejection of claim 1 is incorporated and the 
combination of Khaishgi, Guirguis, Tiso, Bunker and Blyth further discloses 
wherein the levels of security status displayed for the visitor includes a security 
meter (see, Khaishgi, Fig. 6 combined with Guirguis, Page 6, Section 3.1.4).

Regarding Claims 41 and 42, the rejection of claim 1 is incorporated and 
the combination of Khaishgi, Guirguis, Tiso, Bunker and Blyth further discloses 
wherein the scanning is performed according to a schedule and is requested by 
the visitor (see, Bunker, Paragraphs 0051-0052). 

Regarding Claim 43, the rejection of claim 1 is incorporated and the
combination of Khaishgi, Guirguis, Tiso, Bunker and Blyth further discloses 
wherein the information in the database is initialized manually (see, Khaishgi, 
Column 4, lines 32-34 describing manual registration process). 

Regarding Claim 44, the rejection of claim 43 is incorporated and the 
combination of Khaishgi, Guirguis, Tiso, Bunker and Blyth further discloses 
wherein the information in the database is initialized automatically (see, Khaishgi, 
Column 4, lines 32-34, describing automatic registration process). 

Regarding Claim 45, the rejection of claim 1 is incorporated and the 
combination of Khaishgi, Guirguis, Tiso, Bunker and Blyth further discloses 
wherein the scanning is performed on each device registered by the on-line 
service in the database (see, Bunker, Paragraphs 0052-0054). 

Claim 34 is rejected under 35 U.S.C. 103 (a) as being unpatentable over 
Khaishgi in view of Guirguis, Tiso, Bunker and Blyth and further in view of 
Nessus Scan Report (retrieved from: 

http://web.archive.org/web/20001217231600/www.nessus.org/demo/report.txt, 
Publication: 2000), hereinafter "Nessus Scan Report". 

Regarding Claim 34, the rejection of claim 1 is incorporated and the 
combination of Khaishgi, Guirguis, Tiso and Bunker further discloses the 
database stores the information about the open ports on the device providing the 
online services (see Page 6, 1st paragraph). 

The combination does not, however, explicitly disclose including in the
report actual services running on the open ports, including a Version and network
message protocol associated with the actual services.

However, Nessus Scan Report discloses a report that includes actual 
services running on the open ports, including a Version and network message 
protocol associated with the actual services (see, Nessus Scan Report, 
"Information found on port ftp (21/tcp) bonsai microsoft ftp service (version
4.0). 500 'get / http/1.0': command not understood").

Therefore, it would have been obvious at the time the invention was made 
to one of ordinary skill in the art to add, in the scan report of the combined 
system of Khaishgi, Guirguis, Tiso and Bunker, information about actual services
running on the open ports, including a Version and network message protocol 
associated with the actual services so that the administrator of the web server 
can identify vulnerabilities within open ports and resolve them efficiently. 

Claim 40 is rejected under 35 U.S.C. 103 (a) as being unpatentable over 
Khaishgi in view of Guirguis, Tiso, Bunker, Blyth and further in view of
Nyanchama et al. (US 2003/0154269 A1), hereinafter "Nyanchama".

Regarding Claim 40, the rejection of claim 1 is incorporated and the 
combination of Khaishgi, Guirguis, Tiso, and Bunker does not explicitly disclose 
wherein the levels of the security status displayed for the visitor include an
overall numeric rating. 

However, Nyanchama discloses displaying the levels of security status 
that include an overall numeric rating (see Paragraph 0031). 

Therefore, it would have been obvious at the time the invention was made
to one of ordinary skill in the art to include, in the security status report of the 
combined system of Khaishgi, Guirguis, Tiso and Bunker, an overall numeric 
rating as taught by Nyanchama because that provides "automated assessment 
and quantification of, or security risks associated with, the vulnerabilities of 
computer network" (see, Nyanchama, Paragraph 0001). 



Conclusion 

Any inquiry concerning this communication or earlier communications from 
the examiner should be directed to YOGESH PALIWAL whose telephone 
number is (571) 270-1807. The examiner can normally be reached on M-F: 7:30
AM - 5:00 PM EST. 

If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Kim Vu can be reached on (571) 272-3859. The fax 
phone number for the organization where this application or proceeding is 
assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from
the Patent Application Information Retrieval (PAIR) system. Status information
for published applications may be obtained from either Private PAIR or Public
PAIR. Status information for unpublished applications is available through
Private PAIR only. For more information about the PAIR system, see
http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
If you would like assistance from a USPTO Customer Service
Representative or access to the automated information system, call
800-786-9199 (IN USA OR CANADA) or 571-272-1000.

FY. P.I 

Examiner, Art Unit 2435 



/Beemnet W Dada/ 

Primary Examiner, Art Unit 2435 



